In today’s business world, there isn’t much that doesn’t require a connection to a computer or a network. We know from recent headlines that businesses can be brought to their knees by problems like ransomware and phishing attacks, but other risks such as tornadoes, floods or fires can also devastate a computer network. If your IT plans don’t address some or all of these issues, then your business may be at risk.
Practically speaking, a company relies on its computer network as an essential tool in conducting day-to-day business. And, as a business owner, there are things you should do to make sure those computers continue to work effectively, efficiently and securely.
It’s easy to overlook these measures when everything is working properly. If and when an issue arises, however, you’ll be glad to have taken precautionary measures. For example, what would you do if you were to walk into your business tomorrow morning and learn that three months ago an employee clicked on a link in an email and ransomware was installed? It lay dormant in the system until the hackers activated it, remoted into your network and stole your company information and even your clients’ information. Then, on the way out of your network, they encrypted every PC in your business and sent you an extortion note for $250,000 to unlock your data.
If you think that scenario isn’t real, then you should probably unplug your cable modem. In late April, this very scenario happened to an attorney’s office in Louisville. An account was published in the Courier Journal after the hackers tweeted about it and a wire service that reports on hacking picked up the story.
To help guard against a similar scenario, here is a short checklist of the most basic steps for your business to consider:
• Does your business currently carry cyber insurance?
• Do you have multi-factor authentication enabled on all of your cloud service providers, so that you need both a password and a PIN from an authenticator app on your phone to log into the cloud service?
• Does your internet firewall have content filtering and malware protection, and are they enabled?
• Do you have the critical files on your server, computers and cloud environment backed up both on- and off-site?
• Have you tested that backup?
• Do you have antivirus software with an actively supported subscription?
• Do you have automatic patching enabled on your computers, and do you reboot them as needed for the patches to be installed? Do you check that those patches are running and working?
• Do you offer basic security training for your users to educate them about hacking and phishing?
• Do you use a framework, such as the NIST Cybersecurity Framework, to check that you understand your business's data and policies?
• Does your IT person understand the items in this checklist?
• If you use an IT company, do they have someone on staff who is a Certified Information Systems Security Professional or similar?
• Does your IT company offer managed services or managed security services?
In the past year, hacking and reports about cybersecurity have routinely been in the news, and just because you’re a small business in Central Kentucky, don’t think they aren’t coming for you. The lists used for email phishing are broad and random. Further, you’re just as likely to have an attempted hack originate from a company in your supply chain, such as a vendor or company you work with on projects. While you don’t know where or when a cyberattack or natural disaster will strike, a little prevention goes a long way in protecting your business from the worst.
Russ Hensley, CEO of Hensley/Elam, is a Certified Information Systems Security Professional (CISSP) with over a decade of direct security experience consulting in finance, health care, legal and other industries. He also has more than 26 years of general IT experience running one of Kentucky’s largest IT service companies. Visit www.hea.biz for information.